Own how your organization uses AI.

systemprompt.io is the narrow waist between your AI and everything it touches. Self-hosted. Air-gapped. Owned. Every interaction governed and provable.

Provider-agnostic

Govern. Every tool call.

AI agents take actions on behalf of your people. Without governance, any agent can use any tool, access any data, and leak any credential. systemprompt.io enforces who can do what before it happens — not after.

  • Permission hierarchy constrains what agents can do (OWASP: Excessive Agency)
  • Full identity propagation — every action tied to a real user (OWASP: Identity Abuse)
  • Secret scanning catches credentials before they reach inference (OWASP: Privilege Abuse)
  • Rate limiting prevents runaway agents and cost overruns
  • Schema validation enforces tool definitions before deployment

Prove. Every decision.

When the auditor asks what AI did and who authorised it, you query the answer. Full lineage from AI request to tool call to MCP execution, all linked by trace_id. Structured evidence, not policy documents.

  • Full audit trail: AI request → tool calls → MCP executions → cost
  • Structured JSON events for Splunk, ELK, Datadog, and Sumo Logic
  • Cost tracking in microdollars by model, agent, and department
  • Every action linked by trace_id to a real authenticated identity
  • CLI-queryable audit services — search and export in seconds

Standardise. Every team.

Your best AI workflows should not live in one developer's head. systemprompt.io is the skill library for your organisation — curated knowledge, governed plugins, consistent standards from day one.

  • Centralised skill marketplace for the organisation
  • Plugin bundles with governed distribution by role and department
  • 30-second skill creation through guided interview
  • Works across Cowork, Code, and Desktop
  • Update once, sync to every team member

Governance you can prove

When the auditor asks what AI did and who authorised it, you query the answer. Every call traced, every secret isolated, every action logged as structured evidence.

Air-Gapped Deployment

A single Rust binary that is its own token issuer and validator. No external calls, no data leaving your network. Plug your existing IdP in and the binary handles the rest.

Single binary, zero outbound connections

Secrets Never Touch Inference

Secrets flow through MCP services, not inference endpoints. The agent calls the tool, the MCP service injects the credential server-side. No secrets in context windows, no secrets in logs.

Server-side credential injection via MCP

Identity-Bound Audit Trails

Every tool call is tied to the authenticated user, timestamped, and stored as structured JSON. Full lineage from request to tool call to MCP execution, linked by trace ID.

User-bound structured audit log per tool call

Event Hook Infrastructure

10 lifecycle event hooks track every stage of tool execution — from session open to subagent completion. Hook data flows to your SIEM, logging pipeline, or custom handlers for monitoring and alerting.

10 event hooks across tool lifecycle

Data-Domain Scoping

Skills, plugins, and MCP servers scoped by role and department. Finance sees finance tools. Engineering sees engineering tools. Down to which MCP servers are even visible.

Role + department scoped tool surfaces

Full Data-Plane Ownership

Your infrastructure, your database, your compliance boundary. Auditable Rust source code under BSL-1.1. No data leaves your network unless you configure it to.

Self-hosted with auditable source

Architecture supports SOC 2, ISO 27001, and HIPAA compliance programs. Informed by OWASP Top 10 for Agentic Applications.

Your AI infrastructure.
Execution and governance as one.

systemprompt.io is not a security layer bolted onto your AI stack. It is the infrastructure your agents run inside. Identity, permissions, audit trails, and execution are one architecture. You own the binary, the source is auditable under BSL-1.1, and it compiles with your Rust extensions. When the vendor disappears, your infrastructure doesn't.

What CTOs ask us

"Do we get full visibility into AI agent activity?"

Every tool call, every agent action, every decision — captured as structured data and stored in your database. Query it from the dashboard or CLI. Forward to Splunk, Datadog, or ELK if you want, but you don't need to.

Complete audit trail from prompt to tool call to response. Built in, not bolted on.

"What about data sovereignty and air-gapped environments?"

Single 50MB Rust binary. Self-hosted, air-gap capable, no external dependencies beyond PostgreSQL. No data leaves your network, ever.

Zero outbound connections. Your infrastructure, your data, your jurisdiction.

"How do we enforce consistent AI policies across teams?"

The governance pipeline enforces scope checks, secret scanning, blocklists, and rate limits on every tool call. Six-tier RBAC controls who can do what.

One policy layer across every team, every agent, every provider.

"We have developers. Why not build it ourselves?"

AI providers ship breaking changes every few weeks. An in-house governance layer means a permanent team tracking API changes, rewriting integrations, and maintaining compatibility.

Realistic timeline: 6-18 months to production, then permanent maintenance.

"Can we actually track AI costs and usage?"

Token consumption by model, agent, department, and user. One dashboard across all providers and teams, with CSV export for finance.

Every token, every call, every pound spent — broken down by team and agent.

"What happens if systemprompt.io goes away?"

You run the binary on your infrastructure. Source code is auditable under BSL-1.1. Skills and agents are portable YAML and Markdown.

Your instance, your source code, your data formats. All standard, all forkable.

Frequently asked questions

Where does our data go?

Nowhere you don't control. systemprompt.io runs on your infrastructure as a self-hosted binary. Data flows through your servers to your configured AI providers. Source code is auditable under BSL-1.1. Nothing leaves your network unless you configure it to.

How does this fit into our existing security stack?

Every governance decision, tool call, and session event is emitted as structured JSON. Forward it to your existing SIEM, logging pipeline, or alerting system. The binary also stores everything in PostgreSQL for direct querying from the dashboard and CLI.

What happens when AI providers ship breaking changes?

systemprompt.io absorbs that complexity. Provider APIs, plugin architectures, and protocol specs change constantly. The governance layer adapts so your policies, audit trails, and access controls remain stable regardless of what changes underneath.

Can we enforce different policies for different teams?

Yes. Six-tier role-based access control with department scoping. Skills, plugins, and MCP servers are scoped per role and per department. Engineering sees engineering tools. Finance sees finance tools. Policies are defined centrally and enforced consistently.

Does this lock us into a single AI provider?

No. systemprompt.io is provider-agnostic. It supports multiple model providers through a unified governance layer. Switching providers requires configuration changes, not rewrites. Your governance policies, access controls, and audit trails remain intact.

What does deployment actually look like?

A single 50MB compiled Rust binary with PostgreSQL. No containers required, no microservices, no external dependencies. Air-gap capable. Deploy to your own servers, connect to your database, and the system is running. Branded sandbox to production in days, not months.

How does licensing work?

The underlying library is licensed under the Business Source License (BSL-1.1). You can evaluate it for free with no time limit. Production use requires a commercial licence, which is fully negotiable. Contact us to discuss terms that fit your organisation.

Who owns the code we build on top of it?

You do. All implementation code, extensions, skills, configurations, and customisations are your intellectual property. You only need a licence for the underlying systemprompt.io library itself. Everything you build on top of it belongs to your company.

Book a meeting

Let's talk your implementation

Discuss technical implementation, enterprise licensing, or custom integrations with the founder. For teams that have evaluated the template and are ready to move forward.

  • Technical implementation: Deployment architecture, IdP integration, SIEM pipelines, and custom extensions
  • Enterprise licensing: Volume licensing, SLA guarantees, and perpetual licence terms under BSL-1.1
  • Custom integrations: Rust extensions, custom governance rules, and provider-specific configurations

30 minutes with the founder. For teams ready to move beyond evaluation.
